Displaying 3 results from an estimated 3 matches for "ssl_proxy_ctx_verify_client".
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...l_ctx);
- load_ca(store, set->ssl_ca, load_xnames ? &xnames : NULL);
+ load_ca(ssl_ctx, set->ssl_ca);
}
ssl_proxy_ctx_set_crypto_params(ssl_ctx, set);
SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
- return xnames;
}
static void
@@ -1068,7 +1037,7 @@
}
static void
-ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx, STACK_OF(X509_NAME) *ca_names)
+ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE *store;
@@ -1079,8 +1048,6 @@
#endif
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
ssl_verify_client_cert);...
2013 Apr 07
1
ssl_require_crl does not work as expected
...xy=0, require_crl=0, error=3
Apr 7 13:01:22 d600 dovecot: imap-login: Invalid certificate: unable to
get certificate CRL: /CN=Root-CA.../C=DE
I dont know what the proxy-stuff is about so instead of ignoring CRL-related
errors I tried to disable CRL-checking. I therefore commented out two lines
in
ssl_proxy_ctx_verify_client() in ssl-proxy-openssl.c line 1004, namely:
// X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
// X509_V_FLAG_CRL_CHECK_ALL);
This tells OpenSSL not to check CRLs. Of course in production code this
should be done only if "ssl_require_crl = no".
Similar code is...
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...e_chain(SSL_CTX *ctx, const char *cert)
{
/* mostly just copy&pasted from SSL_CTX_use_certificate_chain_file() */
@@ -1209,7 +1282,6 @@
#endif
ssl_proxy_ctx_use_key(ctx->ctx, ssl_set);
- SSL_CTX_set_info_callback(ctx->ctx, ssl_info_callback);
if (ctx->verify_client_cert)
ssl_proxy_ctx_verify_client(ctx->ctx, xnames);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130706/26a2b8cb/attachmen...